Mailchimp Access Key
Description
This check detects a Mailchimp access key referenced in your source code. The key enables an authenticated user to perform operational and management activities exposed by Mailchimp's developer API service.
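The sketch below shows the kind of pattern match such a check relies on. It is an added example, not Checkov's own code or code from this page. It assumes a Mailchimp key has the shape of 32 lowercase hex characters followed by a hyphen and a data-center suffix such as `us1`; the names `scan` and `mask` and the sample file contents are constructed for illustration.

```python
import re

# Assumed key shape for this example: 32 lowercase hex characters, a hyphen,
# then the data-center suffix ("us" plus one or two digits).
MAILCHIMP_KEY = re.compile(
    r"(?<![0-9a-z])([0-9a-f]{32})-(us[0-9]{1,2})(?![0-9a-z])"
)


def mask(key):
    """Keep the first four characters and the data-center suffix only."""
    body, dc = key.rsplit("-", 1)
    return f"{body[:4]}{'*' * (len(body) - 4)}-{dc}"


def scan(text, path="<input>"):
    """Return one finding per key-shaped string, with the value masked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in MAILCHIMP_KEY.finditer(line):
            findings.append({
                "path": path,
                "line": lineno,
                "datacenter": m.group(2),
                "masked": mask(m.group(0)),
            })
    return findings


# Constructed sample input; the key below is fabricated, not a real credential.
SAMPLE = '''\
import os
MAILCHIMP_API_KEY = "0123456789abcdef0123456789abcdef-us1"
api_key = os.environ["MAILCHIMP_API_KEY"]  # read from the environment: no finding
commit = "0123456789abcdef0123456789abcdef01234567"  # git SHA: no finding
'''

if __name__ == "__main__":
    for f in scan(SAMPLE, "settings.py"):
        print(f"{f['path']}:{f['line']} Mailchimp key "
              f"({f['datacenter']}) {f['masked']}")
```

Findings carry only the masked value, so scan output can be stored or shared without re-exposing the key.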
Remediation
Mailchimp
1. Revoke Secret. An activated API Key can be deactivated from the Mailchimp dashboard under the Extras/API Key tab.
   1. Go to https://us1.admin.mailchimp.com/account/api/ to open the API Keys section of your account.
   2. Find the API key you want to disable, and toggle the slider in the Status column for that API key.
   3. Find the API key you want to disable and click Disable.
   4. In the pop-up modal, click Disable.
2. Clean the git history. Go under the settings section of your GitHub project and choose the change visibility button at the bottom.
3. Check the API call logs in the Mailchimp dashboard to ensure the key was not utilized during the compromised period.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1309 |
| Severity | LOW |
| IaC Type | secrets |
| Frameworks | Git |
| Checkov ID | CKV_SECRET_11 |